Skip to content

Use proxy reporting endpoint to subscribe to blocked events#328

Open
SanderDeclerck wants to merge 5 commits intorama-integration-betafrom
rama-blocked-events
Open

Use proxy reporting endpoint to subscribe to blocked events#328
SanderDeclerck wants to merge 5 commits intorama-integration-betafrom
rama-blocked-events

Conversation

@SanderDeclerck
Copy link
Collaborator

@SanderDeclerck SanderDeclerck commented Mar 3, 2026
edited by aikido-pr-checks bot
Loading

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 3 Resolved Issues: 0

🚀 New Features

  • Added reporting server to accept block events from rama proxy

⚡ Enhancements

  • Integrated reporting endpoint into rama proxy and emitted malwareBlocked events

🔧 Refactors

  • Refactored proxies to EventEmitter API and removed blocking state functions

More info
Base automatically changed from new-proxy-beta to rama-integration-beta March 9, 2026 08:59
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Mar 9, 2026
View reviewed changes
packages/safe-chain/src/registryProxy/ramaProxy/reportingServer.js
}

function stop() {
return /** @type {Promise<void>} */ (new Promise((resolve) => {
Copy link

@aikido-pr-checks aikido-pr-checks bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Complex Promise executor is anonymous; extract into a named function to clarify behavior and make it easier to test.

Details

✨ AI Reasoning
​A Promise executor was added that contains multiple statements: it checks state, sets a timeout, calls server.close with a callback, and resolves. This groups control-flow and resource-cleanup logic inside an anonymous function, which hides behavior and makes unit testing or reuse harder. Naming or extracting this logic would clarify purpose and improve maintainability.

🔧 How do I fix it?
Extract complex anonymous functions into named functions with descriptive names, or add explanatory comments for their purpose.

Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Mar 9, 2026
View reviewed changes
packages/safe-chain/src/registryProxy/ramaProxy/reportingServer.js
* @param {http.RequestListener} requestListener
* @returns {Promise<{server: http.Server, address: string}>}
*/
function startServer(requestListener) {
Copy link

@aikido-pr-checks aikido-pr-checks bot Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

startServer's purpose is ambiguous (generic name duplicates other startServer functions). Rename to make it explicit (e.g., startReportingServer) so callers and readers understand this starts the reporting HTTP endpoint.

Details

✨ AI Reasoning
​A developer should be able to determine what a function does from its name and context. The newly added function named startServer accepts a generic requestListener and returns a Promise resolving a server and an address. The repository already contains other startServer functions (e.g., in createBuiltInProxyServer) and the generic name makes it unclear whether this starts the reporting endpoint specifically or performs other responsibilities. While the file context implies it's for the reporting server, the identical generic name increases cognitive load and risks confusion when reading call sites or searching the codebase.

🔧 How do I fix it?
Use descriptive verb-noun function names, add docstrings explaining the function's purpose, or provide meaningful return type hints.

Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@SanderDeclerck